Configure firewalld for Pacemaker, DRBD, and LINSTOR.

This article will help you enable Pacemaker, DRBD, and LINSTOR communications through firewalld.

The Pacemaker stack and its components have a service file that ships with firewalld. You can enable Pacemaker/Corosync/DLM communication through the firewall using that service file like so:

# firewall-cmd --permanent --add-service=high-availability
# firewall-cmd --reload

DRBD® does not have a firewalld service file upstream, so you must specify the port range you're using for DRBD configurations:

# firewall-cmd --permanent --add-port=7788-7799/tcp
# firewall-cmd --reload

LINSTOR® also does not have a firewalld service file upstream, so you will need to specify ports for its various components. It also provisions DRBD devices using a default port range starting at port 7000:

# firewall-cmd --permanent --add-port=3376/tcp # Controller port
# firewall-cmd --permanent --add-port=3370/tcp # Controller REST API port
# firewall-cmd --permanent --add-port=3366/tcp # Satellite port
# firewall-cmd --permanent --add-port=7000-7999/tcp # DRBD port range
# firewall-cmd --reload
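
To confirm that the permanent configuration covers every port opened above, the following added example (not part of the original article) parses text in the format printed by firewall-cmd --permanent --list-ports and reports which of the article's port specifications are not fully covered. The function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Port specifications opened by the commands in this article.
REQUIRED="7788-7799/tcp 3376/tcp 3370/tcp 3366/tcp 7000-7999/tcp"

# port_open PORT PROTO "LIST"
# Succeeds if LIST (the format printed by --list-ports, for example
# "3370/tcp 7000-7999/tcp") contains PORT/PROTO as a single port or in a range.
port_open() {
    for entry in $3; do
        [ "${entry#*/}" = "$2" ] || continue   # protocol must match
        range=${entry%/*}
        lo=${range%-*}                         # "3370" -> 3370, "7000-7999" -> 7000
        hi=${range#*-}                         # "3370" -> 3370, "7000-7999" -> 7999
        [ "$1" -ge "$lo" ] && [ "$1" -le "$hi" ] && return 0
    done
    return 1
}

# missing_ports "LIST"
# Prints every required specification that LIST does not cover completely.
# Each port of a required range is checked, so a range split across several
# firewalld entries still counts as covered.
missing_ports() {
    for spec in $REQUIRED; do
        proto=${spec#*/}
        r=${spec%/*}
        p=${r%-*}
        end=${r#*-}
        while [ "$p" -le "$end" ]; do
            if ! port_open "$p" "$proto" "$1"; then
                echo "$spec"
                break
            fi
            p=$((p + 1))
        done
    done
}

# Constructed sample: --list-ports output from a node where the LINSTOR
# satellite port and the LINSTOR DRBD range were never added.
SAMPLE_PORTS="3370/tcp 3376/tcp 7788-7799/tcp"
missing_ports "$SAMPLE_PORTS"
```

On a cluster node, pass the live configuration with missing_ports "$(firewall-cmd --permanent --list-ports)". The high-availability service is listed by --list-services rather than --list-ports, so check it separately.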

Reviewed 2020/12/01 – DGT